RansomedVC operations to cease

After admitting responsibility for compromising Sony, a Colonial Pipeline supplier, and a Hawai'i government site, the RansomedVC group has claimed that it will be ending operations due to the arrests of six of its affiliates, reports The Record, a news site by cybersecurity firm Recorded Future. RansomedVC had its ransomware builder and domain names, as well as compromised firms' VPN access, affiliate and social media account access, and databases valued at about $10 million, promoted for sale on Telegram since Oct. 30 by an actor claiming to be the group's operator, who later gave discounts to potential buyers. The actor then admitted that the sale was due to the affiliate arrests, while noting that RansomedVC has already let go all of its 98 affiliates. All of the Telegram messages have since been deleted. Such ransomware operation shutdown was uncommon but the group, which had several of its attack claims refuted by its supposed victims, was more intent on attention-seeking efforts than actual intrusions, according to Recorded Future ransomware expert Allan Liska.